Home Sign Up Sign In
Evi1m0

Jinja2 2.0 /utils.py urlize vulnerability

  •   
  •   Evi1m0 · Oct 31, 2014 · 4409 views
    This topic created in 4237 days ago, the information mentioned may be changed or developed.
    关于v2ex的这几个跨站漏洞,问题出现在Jinja2的模版引擎,其中/utils.py urlize处理不当导致漏洞产生,新版本不存在此漏洞。

    http://weibo.com/3274966043/Bu6ZnAWo1
    http://www.hackersoul.com/post/jinja2_2_0_urlize_vulnerability.html
  • utils.py
  • urlize
  • Jinja2
    4 replies    2015-12-11 13:49:45 +08:00
    Evi1m0
        1
    Evi1m0  
    OP
       Oct 31, 2014
    @Livid here :)
    fucker
        2
    fucker  
       Oct 31, 2014
    mark
    Livid
        3
    Livid  
    MOD
    PRO
       Nov 1, 2014
    :)

    赞!
    Evi1m0
        4
    Evi1m0  
    OP
       Dec 11, 2015
    <img src="test">
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   6099 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 58ms · UTC 02:04 · PVG 10:04 · LAX 19:04 · JFK 22:04
    ♥ Do have faith in what you're doing.